Aug 1, 2018

Shipt Subdomain Takeover via Heroku ( )


I noticed that Shipt had become a public program,

so I started scanning for subdomain takeovers
with a takeover tool edited by me.

Then it detected that there is a possible takeover on 
as it has an A record 

I tried to go directly to 

The page was not found 😀 

So I claimed it on Heroku.

Then I uploaded a simple Node.js app, only to provide more PoC.

The team was very fast.
Reported to Shipt: Jul 28th

Triaged: 28th

Fixed and rewarded in 10 min


Security Researcher at Many Websites - Bug Hunter - Civil Engineer Student
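
From the defender's side, the condition this post describes (a DNS record still pointing at Heroku while no app answers for the hostname) can be checked against your own zone export. The following is an added example, not the author's tool: the Heroku target suffixes and the "No such app" marker text are assumptions about the platform, and every hostname, record and response below is constructed sample data.

```python
from typing import NamedTuple

# Assumption: hostnames Heroku hands out as DNS targets end with these suffixes.
HEROKU_SUFFIXES = (".herokuapp.com", ".herokudns.com")
# Assumption: text of Heroku's default 404 page for a hostname with no app attached.
UNCLAIMED_MARKER = "no such app"

class Record(NamedTuple):
    name: str
    rtype: str
    value: str

class Response(NamedTuple):
    status: int
    body: str

def points_at_heroku(rec):
    """True for a CNAME whose target is a Heroku hostname (case and trailing dot ignored)."""
    target = rec.value.rstrip(".").lower()
    return rec.rtype.upper() == "CNAME" and target.endswith(HEROKU_SUFFIXES)

def classify(rec, resp):
    # Strongest signal: the platform itself says no app owns this hostname.
    # This also covers A records, where the DNS value alone names no provider.
    if resp is not None and resp.status == 404 and UNCLAIMED_MARKER in resp.body.lower():
        return "DANGLING"
    # Points at Heroku but nothing was observed: a human should look at it.
    if points_at_heroku(rec) and resp is None:
        return "REVIEW"
    return "OK"

def audit(records, responses):
    """Return (hostname, verdict) for every record that is not OK."""
    results = [(r.name, classify(r, responses.get(r.name))) for r in records]
    return [(name, verdict) for name, verdict in results if verdict != "OK"]

# Constructed zone export and constructed HTTP observations.
ZONE = [
    Record("shop.example.test", "CNAME", "shop-prod.herokuapp.com."),
    Record("promo.example.test", "CNAME", "Promo-2017.HerokuApp.com."),
    Record("old.example.test", "A", "192.0.2.10"),
    Record("beta.example.test", "CNAME", "beta.herokudns.com"),
    Record("www.example.test", "CNAME", "cdn.example.net."),
]
SEEN = {
    "shop.example.test": Response(200, "<h1>Shop</h1>"),
    "promo.example.test": Response(404, "<title>No such app</title>"),
    "old.example.test": Response(404, "<title>No such app</title>"),
    "www.example.test": Response(404, "<h1>Not Found</h1>"),
}
```

A `DANGLING` record is fixed by deleting the DNS entry or re-attaching the hostname to an app you own; removing the app without removing the record is what leaves the hostname claimable.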


  1. Assalamualaikum brother can you that subdomain scanner tool which you have developed?

  2. Please check your Facebook message inbox .. Need urgent help

  3. Can you provide the step-by-step guide to do it?

  4. Can you please provide a step-by-step procedure?

  5. While following your report I tried to claim one of the subdomains. However, I am getting the error stating that "Domain is currently use by another app". Am I missing something? Help appreciated.

    1. Sorry, but this means you can't claim it .. it's already in another account